Malware Analysis Report

2024-10-19 10:43

Sample ID 241010-x24pjaxfkn
Target 3176d1d3343727b075dd190b830013f8_JaffaCakes118
SHA256 86230a352fc6f42ef28276a133bf9cc64f528db0aa320b45a263fd125ef81293
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

86230a352fc6f42ef28276a133bf9cc64f528db0aa320b45a263fd125ef81293

Threat Level: Known bad

The file 3176d1d3343727b075dd190b830013f8_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Xorist Ransomware

Detected Xorist Ransomware

Xorist family

Renames multiple (2209) files with added filename extension

Renames multiple (2186) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-10 19:21

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-10 19:21

Reported

2024-10-10 19:24

Platform

win7-20240903-en

Max time kernel

119s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Renames multiple (2209) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2pheq6ZBMROry17.exe" C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2pheq6ZBMROry17.exe,0" C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\shell\open\command C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\shell C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "XQZGQTSALYMJBKM" C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\shell\open C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2pheq6ZBMROry17.exe" C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe"

Network

N/A

Files

memory/1804-3-0x0000000000400000-0x000000000040E000-memory.dmp


MD5 1043acdfec3f6ad4a07a27c26b359e0f
SHA1 2125cc76df58e08e4abe049db806ffc552ebfe1a
SHA256 527f1c90320cdc47d81e212645e3205509bf4db74232e79b2a0cf2df1c333339
SHA512 3a46f60ac134be480afbc0c8c55a41aca6d63716537bc711c87fdc2ce5975916a04a6484cd6dc2fa829be74780e041980ae45358aaee8e77fe177556f0275f6c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 af31e7c471462e4758350876dc242327
SHA1 4c9d3af9167d72c7b7a0c7d6e52735cd858e4559
SHA256 470b76f86e880debc1e13bffcfc83f3f6f33886e5b7313f40ff8dcbda27ddb57
SHA512 ba9dc710c3386731c00abb241ea4b0d621c84c3923db423dba0fba98dd35cc8b04b824fccc23b0f6de3989fdfb6d9160e12d42b342cb9fc2208151cd3d9ff3dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 fc016a62245e426158bc9a71798b32b7
SHA1 e689be4b6bf90459e4e3eb93816efe65ff05b973
SHA256 cb174d5b932301a19d4628f1b406aec79587475e4f155cad9cf3702b3e44ec4a
SHA512 2bade9fb5e5b506472a5ac0acf4e771f6b097e9b1baefdb7f0d20bc0938d4017d618a317f592936a4a48c49a2003379ba012d82974e5123a677361bbc8d97d6b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 00e413f83010c3814dc01873ed3770cb
SHA1 f4695a3c3600234729d83c67ef2195c45055e28b
SHA256 9686b1b4bad0cc20bbe14cb9778be48a48dfb177950ed4359160a3ce842ce778
SHA512 7b8d4a2e769252a72000f9ed9bf08d986e3a075d195b8e8e34624bfd1e0306ff00be16e8b4a6dd80c088d6ddc621e5568fdf142d20397122c364566a349b0e02

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 2aa0f4e13fc1d8fd5ed0fd3e4f5eeaa9
SHA1 d3252732fe379f5e11a4dc78942e933ff53f9d69
SHA256 df97d0865af3b67acf8b830ecc769cc8df0d806de28825aa407304f729c650be
SHA512 968952f2cbcbd95ebb31ccd569cecbf903af3a51f31d8b13dfee86f0c7f0f321043183854d8e090ec5d5b901ce96a98a1b6c03936d40b1cb0da7c4784995bee1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 5bad4c5d9825a5a27bc3c54edd369db2
SHA1 80cbb53aeee06287f76e294747201fa5ecd91205
SHA256 cfe2d6902902682e03bc0a5d1f1cbdd1beb24ba0077487bb01996cf52c1e1b4c
SHA512 c5a13432e9821f0632d34e382becaa45429539e8d0bcce7f91be1f9d25ac45a047838d1ed7c34bd896688a5be6a08e84860304ac6451497526ad8ab3725e9176

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 f7e012e61e5bd9286b815bca14369b22
SHA1 594d21e6394adfe5349a02fbf862c69fce867f2f
SHA256 db94499c13d4ba6206d1314ec48ac0ceed901b728f76fea09ec0dd4f19b06ae4
SHA512 8fadd3ec1333f704e60c9f77b296aaaf191d21a6c74a23d7537ac42e595a8a27a89a77c4248873cb3f27921f0b2913cf22dbfcb5aedcca81dfeaef3a409bc9f3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 8e5d3ce64a2ed519fab7566f33158a93
SHA1 11fcf37134391c855382babb809ad02bfe6c9e14
SHA256 dcda0d0a121f6bde038eb7699b3d01c6f542f0c4a1a58f809166ec5a7640891d
SHA512 1d2ef6c8750a5b73b72061b626c74565827961d7a025fe806c931667d553bd0776f8e182ae819836bc2f6f1f1304690a8633416f15dfef8f2cde36f7fb4f2f3b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 6249cbb5269b0075973e321409906575
SHA1 eac9f3c5bfbcfc8c253c0637fc3127c5e0601157
SHA256 d893275c57041112b18cae7eb273db0c6cda4ec087d23643d66ffefa6273e5cb
SHA512 e966ebee102505cab13b54ae3a1cc64fd2086d17e5e2f7daca7e8b00a1002883ebb220297b36d20807ba92d1de3e6244199e04337b79d399b467ca021a1232ae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 8b7139c3cae57337ba946240f1d43fe5
SHA1 128c2d6d1d1bf76bdecd61db13b542402f89425f
SHA256 c258e7d0df08e20e30d78eb8bcb1b1d1b31f537e3c912838c3f467f723d0c5a9
SHA512 ee52118332a999f63e9558b5088297290d73770af92052514e6aa18dc31182f678600585b312d15e6d554c8995b05d376e85913796bc9a0e38d9cdcb21120644

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 cce1d6563c9d333c77766d3bb22fbb9f
SHA1 30364c8839cf4cd95e6fd4073a2e0d4ca84e8974
SHA256 4ec42ff3d837360dae81e1cefdda483619d2c93ffede95417c06edf844d7870e
SHA512 57294e98ab97cd2a25bd8f451a1e60aff7d0a0d46437b1b759e574281ed3955eb50d6a6b7e4ed70c82acfd3320c95c4fb9ee929135d7b6dfdabb4900af8947e4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 3545a2baa730347e702517a935419d3d
SHA1 7fda94d3c373bdabff8a2a6a029c1a47ef415cf5
SHA256 7efe68a890ef5a9152ddf99dc54e7817c0eb2f34cb844c8a873048b106544840
SHA512 914662e87d92943bbc5890bd43c0cfb47a9db648b9c91d89b196ea01e51062e381188a1309525e81583bd85d20ba1b15790dee119b02e20072fed64c958990e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 7b3e1a28eaff8edaf5fd781e4789a4d0
SHA1 75f614badf8393c02335aae63697fad61255423f
SHA256 930143362c2d16f73657c71f440a4fcaf33bf8bda8abe47f4a2faa942e4cf428
SHA512 6d2372aa90b131c7f6c102808bfcd7a092b907b622d46aa6f07b124f1399d0760c0026730e2d27f3f04f9875a81126fc4ab0e9bfceb6bb15bc04dcc162a41358

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 2e313c950e27aa805dbd9e2c05565da1
SHA1 75a363f28a1f1f01eaaf412e91293c0e307efabd
SHA256 8f7467036bf2c38a42743e5ee59ea57b55b4bdde76f28ea293a9a735e9e29251
SHA512 2ca46e7102f91b20c4e6269e32f6acf87af78a5cb2b9ae8832dcd5caf07f96d96da188a9b3e6deab58a9bf4d9d18d1bf67989451f720ae2283490a2e2ea4f4a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 3a4377fa813075c646a16d42a6e1c15b
SHA1 7fdf571d8c98993d331d6c9aefcc122489771295
SHA256 33864e7059410c3303de6255f4d63abc48e06343e06bd79784bf4f44b0904801
SHA512 f46a72e51e6479a03cf3c27c1c738ac4989a7a03455a959dfcb856602ef52a4b5e4bcfe416d4356e1e237a3f4738a65fa9597447a40114321dc6143a111ebe43

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 b2556f87aa1074338a3d4aec0d69141f
SHA1 8d1a02c4678f68238e7194ae0b02aa38b4b896d7
SHA256 1b730e0c001e5907f9809274d7dbe2b80e3bd2c81d5011cd81dd3d94d89c4e4b
SHA512 af7a22995fb996b4a10585b64fbb2de27b179c4c3122b00ca7c53e11f1123f3a3bda2adab1301155c1ad25bdcc12cdf4efc150d03d4d77e32df0bd4b951d42a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 493d53e73e45664c3aeeac9d1ab41656
SHA1 3fc826e61882db88ffec9aed84e09a69c0ce1b2f
SHA256 02c272d8cd9db88366478a4b60022add64996aee545ba02b3ff6354cbb4c28e4
SHA512 1f3838206beaf0ddafaee4e5d435d8ca56132cf3105a67526806c88e5ca7d66c746bbd34c515e21377bfc54e8242cf6767031e575a104c8e9990e50c2290a03e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 de03e9e8426cba61e79c8ebcd9258240
SHA1 a4bc28c1d7718da831256261a22075f1241c8c61
SHA256 06cf39a5aff337e6ba20c369c6e75a26cb678449081cb56c25387fb0c2d03209
SHA512 76c498161ed8ecabffdc6a7f6e205057b8c646e055cf8989e428f4f0cc35baee8e58860918eb271a08aa939ec4cb18f43d049f0d0c01f77abb04538c9dcf45ff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 fe17cb0929c0dfb67d24fa502405eb23
SHA1 65c98a21d0948f66d57f9818b68f8f5d98294fff
SHA256 05985cb206d01e92e890934f4de190a5b0a762d278f6595ed88b02893a2d1d5f
SHA512 75d46b96f2d69e4a93ad0fc7c06d0543341f5e6cd20f598b12a1533c400456c974ecd22f5c371bc711a13da2e2dbf4a64b71202c9caf54111aeedd48d05a2eaa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 68c9605d69656e9def9a8a951636d351
SHA1 b618a1af95977c578ba00e76bf7c2aaba412d67c
SHA256 cd9a6ceaf45d665b3d33f5e284e7b86814d4f1becfd1df030d08a3c733f3b6dc
SHA512 9ae6e41b754f163a0e01bcb3f64f8f2876af72d273fd3a66bfdcf6973553a5df5642ee69c775fb3844b412ec3167465f477ccd6ce5392dd898a6a36958797431

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

MD5 246a4650c0d90b47462a9a154b6f93f4
SHA1 069ea97847141937bc7ef73e66c09bd475bb5ac1
SHA256 e7aee5099c59d58fef9f886f7f9e38b62568e8653ae3ff994eee264f5f3082d8
SHA512 6c4fd4a92b66d17268f4560d8f5a62e19d3c1700698a6b1bddb96b76361946953a5637acade393dfdd57d5118e4be7862ca055abd865d699930adce3e8448e62

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 359194315616a9cb9d017d62cdad054c
SHA1 61974aa802497320b74099c60ef86efbec764389
SHA256 3e25300dd289c6e63f75e171f5b00bc8ed52ebdc817750df920d1b745d61cbd1
SHA512 7c0ead9c3ae02c81b0bb3aa5bcbcb3768b766a083375859728d35b97d9174666b8740f794e31758d764d7347a91c982dadbb88f017339bd6d54db62601be63f1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 566c4fafef79fa27979648881dd99377
SHA1 33ed0b7952b3e72f933c027f993630a32263f42c
SHA256 dd8b7ab91b0c0c4b69b5999c576362747a14d0b6a844901b678b38512b0b8a40
SHA512 243429bb3a6e9ce7d8534910bba450af97ca3c4a5b43af64a3b7c07762b07fcc46f2b58a47ca230ec05fe330b4ad2d81330447b426139e42d4f43ebad81304ac

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 9f7b94e392684435e13f3c4276e66b98
SHA1 8785735fa2b6d56ad0a6cf83fafbfa3a17ec4d2d
SHA256 bd9a944c7939d1b3fa728926501f4c4244966bc61013cbb2ad7fc4c57d464392
SHA512 2d9fea76e2f1605e2268d9a944c054f1c82fa80aa2b1426baf0cbd810cf6c8796c2360dc62fccae98d10f1ec68eb1c054ef23e3ed4433de54cea928421b9dd1f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 b789af83f47258e6b36f61e1a8a10cbe
SHA1 ca0e445491bc5820111956a8de4e3b989a58a5bd
SHA256 24ff5df068a5f746b3081c0cedee174ec639cc79227f0e6a5816d442d54d95bc
SHA512 32271b07659e7ace9b1661c93b8bb5348e1e254e1479ad3e1eb0499bc7a84cfddad71ca9be753eef342dc984f166d4a0d32f66f033f9c3710f0c581e4d96381f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 29521675f26413ad7f8ef50e5ac78029
SHA1 73160015314e0051dcea6fee8ce9b3db72a589f6
SHA256 52cc86818067ad545dff47100368b32838afc3bacb72d82e691e984ea1b98a0c
SHA512 d7a1b089505f65c7fe74b327e206c3ff47f59c8133a1a423c3a21d5e984909f44bbe08b26ec951fe9c8a2951e75862c82c655ef4ae798b1901eee3e295d14846

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 ee06255b41dac6d9b5125399c87944be
SHA1 cafd3513ed678861d37e267193291ad923511909
SHA256 056c2b7a4fc76ca1181f7dd054d10af9f92939366f25e983a493f51ec638377c
SHA512 999c4644844af7c0411c35cd7e2adcc00904a6eff5ad8e5b61a60776480471ca238821126a71a75b0a519ac01ada40a0dd556833ae482d9c964e562294caa95d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

MD5 447bd316ef6b85a132f57e6282ac57bc
SHA1 762a390a8805038dbd86a343abec4ad6d734cd57
SHA256 43f9c311c93f9efd80adf1a34bd3eeb2a6198c72e87ea01681e4e76ecdcd32cb
SHA512 1295e21dac06009c6c9e7f89edd1f835d16f81fce342894a25b9651be0bdf6017a13931c42aac1e2de5c2ee6d1a1552b349729445066aa095e24a05df41c4a22

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a1b6b7febb3000220a88376ec85e9c08
SHA1 dc05ae24c55282fc2432b3901f22a8a822e767ff
SHA256 f25878fdefeb7e12b261412172f8ca618d03e5dcc27e927799638ad744d3b969
SHA512 c58df5880d01d5ec196e8c129ff99a65185ceb789d0d60b94bfc173b6a47fffa23795e347d522b36329d9389fe156fc9581eba6c0be540bfdba929f66d40a8cd

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 3fc5101acc3a06447984a2f3b61488d7
SHA1 809286952fa1601bf0a6c38cf6f56338a27c2f08
SHA256 220b0271201af03e592e8e1da8d8f5c306950f9b6e226aaffc8e38b0346bac9f
SHA512 05c8badc64444afeaeee1c65d64de2a4ac2c8ca9f23714fd62c09381a0cc4e501f45542e5ae37e20b614fac7c96be343fce6697877df93d7668df8b1117c2eb4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

MD5 ac91ce12f5288ecd6a75cd4656aa6a16
SHA1 f619602f45435fefec2f6156ab08eec626d00b1f
SHA256 ea8c770163fe5d3c46c1f3506cbd73b7672348e498aefec3b3003cedf7e02d6c
SHA512 65d9b27b8a3072b7b0d93470730d9a8530a47d4f1b97f9360477988cad140b7107b6a8cf6422751cade4a0142c50506bc74c9d27616894a7cbefecf3c8d03bc1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

MD5 931c77d2516cfdf53a7e37fdbb793a64
SHA1 19a8153048ea31a0008af70e3b3725ac62388454
SHA256 72668d4f58833db8e8bb157ad4bec284ec683533e602355d0fe48ec21c64b2b4
SHA512 7fd0215dca26ebce197ffcbf5e72ec12045cb7c948cb744ae4d44e0d2ebb796cc87da8c521fb829f33c1e6664cc9b9cff7922a894f7c2e2c83da1ff2f2b24dd2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 16d1c5bb9ab4fb7cf38bc499c042ecf2
SHA1 64dfe770eae57621c78fb575c26c2e1611a00689
SHA256 77653b8d493c44665ae5e072b89f4a43e947feeca4dd4ae84fc6bc1d61796329
SHA512 efcbcb28cc4a20c8e6f95d4f7bcfeccda5233a8acdd240b2c7afa20e2661f67873948f52333e739e2dbf95241294df34a79de518af3568107b45b5e08fddabea

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 9cd738b8113af0b6d36934c898008370
SHA1 3eb015255c18a91ffeb89b7e1266bf821deeb5c0
SHA256 23507aeb7da9b750b100e374dd58bdecaa3dcfa70c134af948aa0a51384447fe
SHA512 556c9d2d0f7b619dc9b0e5c65d6d463d9ff2b76edb1f0bfabd9e57c01ada8c408041aafa299dfeed065de4b8a1ff86b2170acf9a838095f997187fbeae46f61d

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 7f569fe54404feb3b0fd6f8de44b3c36
SHA1 45005e452a5f6e9084a67f861e7112b494c45d5d
SHA256 c6f860d8cc60acc755008f02754d886d936d37679c236597b9eccba1ea52278d
SHA512 563221c9fbfdff97ce1d0194ba632d68121ff156e1e43f730ee776091508747e21d834460bf3b23f6117214bbb2ed3b7df69dbe9c0436f34eebb160e17af04f2

memory/1804-8845-0x0000000000400000-0x000000000040E000-memory.dmp

memory/1804-8844-0x0000000000400000-0x000000000040E000-memory.dmp

memory/1804-9077-0x0000000000400000-0x000000000040E000-memory.dmp

memory/1804-9078-0x0000000000400000-0x000000000040E000-memory.dmp

memory/1804-9079-0x0000000000400000-0x000000000040E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-10 19:21

Reported

2024-10-10 19:24

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Renames multiple (2186) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2pheq6ZBMROry17.exe" C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_be5d923b5e701b62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rspndr.inf_amd64_4e80c2bb5314f071\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_firmware.inf_amd64_36e4e17f210128ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmkortx.inf_amd64_93b84ecb5fd1cc85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ko-KR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Speech\Common\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_b2ebe9229789b181\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallShield\setupdir\001a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_pcmcia.inf_amd64_92be188847324ddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Storage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_swcomponent.inf_amd64_f378d70fa39d3577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmjf56e.inf_amd64_07bca0bfd5173050\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_c531b5e68fd6f6bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmgl008.inf_amd64_c0d977e565fdc839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\hidi2c.inf_amd64_aad0f43cb9f97e75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PKI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\F12\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\@VpnToastIcon.png C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_amd64_cb18bba4788e47f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_72258921635be994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_9d8718c8b82a0aeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netip6.inf_amd64_f29ffcd2b14f21f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\sdfrd.inf_amd64_25779da6eca4810a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_5b64b65052c3a32a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\lsi_sss.inf_amd64_503a2398f4c86893\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance.png C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BranchCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_e2a1e49127fb17ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\winrm\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbxhci.inf_amd64_6e228bfaadb050c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_ucm.inf_amd64_c30468a947db0fa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\shell\open C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2pheq6ZBMROry17.exe" C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "XQZGQTSALYMJBKM" C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\DefaultIcon C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2pheq6ZBMROry17.exe,0" C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\shell\open\command C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XQZGQTSALYMJBKM\shell C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3176d1d3343727b075dd190b830013f8_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

memory/2216-0-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png.EnCiPhErEd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 3dbbbec4e247d33079a9ecaba5f50c88
SHA1 4a7402d345091da2575388f65d90b37e9958080d
SHA256 b8e7c012f3f77f7122de5d1a297db2245762b940570b0d76045b4c5b70137085
SHA512 12bf393dd704670e73fd6d864671a3df649451cc34e62f2076d71f8ccd4c1d5484f66cf7b108b4aa4feea94dc0594090c719d59c837644e81a10ee3a8bf3d080

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 debea31058cdd9b0f3a4a536a7d33412
SHA1 fd2c37f48b48e0c7334abf3f9412d7c8cced2e24
SHA256 d2cbb66b76508151162991f65d1e7f2438110dec7eae6f99684cc6ce9953eeb3
SHA512 d42b50fc0cf6f273c8b927e5ce1cf7b78a82aaaf9853cc2a34cb63cf4b898a824e92762e61b2501123a0acfaccf75cfd323b20937dc919ac5fb78ce0fe26c2aa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 6fe94fcdc57e3b4e5c0e7ffe8660a3a6
SHA1 42db5c524d403e63b00a5f0bf94b551de06b9c74
SHA256 45054641707da322943a647cb3a7efca77dae1c7bcd12b436e1abd209831e136
SHA512 0913391af6412d3a3f95247b0c9afb4628e8e9ee4d2dfc4abb17bf15e8c50f5bbc097cde549544d08fa497dd5f40cdd9cb8660c1019bc78876db2e02d35cedd1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 6540e695f3d19196600faed72e8a206e
SHA1 28c9b2c12100efc66b3374489e228faa0f30dc29
SHA256 068333090b99ad1b266bfb27369d6c03a0695c6edb54f28bfee34e8eb227de66
SHA512 756b856cfefdc2a0dda7bdc80ee9df4396aa1cfd70262e3f1929de0de5298412a6317b1710d38a6d510365cd4eb4027b5aabdcf207446c38c4b704c53f7a6c5e

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 5f0d43291b438e34f73b0316e83712eb
SHA1 1f62eb14552d1b409d2d91a99f3f8eecfbae1c1a
SHA256 35e37fcfc2e03959bc87dcd338dd5742b959f9ad9a002c112545a0c779fe572a
SHA512 b5fdbecc19dd798128b39244357698a7274abfe067f1c4f882d5c385e419361f1d8c0ba4f3353fa1262dff87be417cb39dfe3ed1b11fd348826b1b14e32896db

memory/2216-5928-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2216-5924-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt

MD5 b8cb2b376d779d070d0039f8d81266db
SHA1 ebed2b6b7321f419103b5a536a5f3a9380dec8e4
SHA256 7cb75ce5b256ee3293d8520e34d570ce810f8efc159331f921366bbbb0275f92
SHA512 819002af9e03edff8081b0a802472c5b34498a099ef0470ff3bd36be53647895a466149615d2cbf914234cf0940a6cd0ea8b81a4adb05eaaf7490ed8748235a3

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt

MD5 c5387014d58c5c69b1704520fcfb4cf7
SHA1 d8712ac1eda6ed9d9ecf867b6e06f366d80fc647
SHA256 61f4240ee810c26e5d03cac2e6c941e003597869e45b87494b1081d33d613d6d
SHA512 cb8696a6aec79e9d830e91f31fbd83abb24c812b74cb22609d993f758e424b3aa014ab664839c8926fa3c0c03d6af7a8bc06faa54c7683a1b55c84d1d2924c42

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt

MD5 1d5edb0b897c3d0347e76f6b7dbd08b0
SHA1 0e90b7e9a0425774b5bccfb8aa9eadc7d4c5b968
SHA256 b919da02164d15ece9f129ebb4bd98e75a2667aa1a5cb4e4c3609d319c69ca4c
SHA512 bf8754c5220c96c50adbebc5c1ae27fccea93b94f03701ee220909b13a6e0012ff7d765d91c3e10e57383ed91ac6362e0646926b5a3d7bdefdcfae3966fdb132

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt

MD5 e3a49af282bcfcd38c04456544556274
SHA1 d75c8024c903a5e96dd30bff0462e1fe18f11b42
SHA256 d55136e729f7809fbd54043843d3c6e442e5fa5ef14ecfb1910d23ebcc9de64e
SHA512 92eb7b353dda2299e1d045ce646eae3cf6d0315d4f29b717601aa4e73bc3ef96d6d2060e6baea0ad664c3e322b35de808c626f981c78e2b0d5423e4e314e5505

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

MD5 6438f951b8f30bbac2be4f266740849a
SHA1 edbee24c4f5bc8cb60d8c6a90af8530477fe8ad7
SHA256 600562decb323637318b4b614b9634e68138ea7912eb5f88d61854aa4c463a04
SHA512 edb6dee3eab2294005aaa232d745f7e25b20de4451f6a7112d61483e3ad1beeeb7fdde98a85b3074cceab5767b0e2f94384353ec4b4ea046b3d7baf56c3f8939

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

MD5 359194315616a9cb9d017d62cdad054c
SHA1 61974aa802497320b74099c60ef86efbec764389
SHA256 3e25300dd289c6e63f75e171f5b00bc8ed52ebdc817750df920d1b745d61cbd1
SHA512 7c0ead9c3ae02c81b0bb3aa5bcbcb3768b766a083375859728d35b97d9174666b8740f794e31758d764d7347a91c982dadbb88f017339bd6d54db62601be63f1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

MD5 566c4fafef79fa27979648881dd99377
SHA1 33ed0b7952b3e72f933c027f993630a32263f42c
SHA256 dd8b7ab91b0c0c4b69b5999c576362747a14d0b6a844901b678b38512b0b8a40
SHA512 243429bb3a6e9ce7d8534910bba450af97ca3c4a5b43af64a3b7c07762b07fcc46f2b58a47ca230ec05fe330b4ad2d81330447b426139e42d4f43ebad81304ac

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

MD5 b789af83f47258e6b36f61e1a8a10cbe
SHA1 ca0e445491bc5820111956a8de4e3b989a58a5bd
SHA256 24ff5df068a5f746b3081c0cedee174ec639cc79227f0e6a5816d442d54d95bc
SHA512 32271b07659e7ace9b1661c93b8bb5348e1e254e1479ad3e1eb0499bc7a84cfddad71ca9be753eef342dc984f166d4a0d32f66f033f9c3710f0c581e4d96381f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

MD5 9f7b94e392684435e13f3c4276e66b98
SHA1 8785735fa2b6d56ad0a6cf83fafbfa3a17ec4d2d
SHA256 bd9a944c7939d1b3fa728926501f4c4244966bc61013cbb2ad7fc4c57d464392
SHA512 2d9fea76e2f1605e2268d9a944c054f1c82fa80aa2b1426baf0cbd810cf6c8796c2360dc62fccae98d10f1ec68eb1c054ef23e3ed4433de54cea928421b9dd1f

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

MD5 29521675f26413ad7f8ef50e5ac78029
SHA1 73160015314e0051dcea6fee8ce9b3db72a589f6
SHA256 52cc86818067ad545dff47100368b32838afc3bacb72d82e691e984ea1b98a0c
SHA512 d7a1b089505f65c7fe74b327e206c3ff47f59c8133a1a423c3a21d5e984909f44bbe08b26ec951fe9c8a2951e75862c82c655ef4ae798b1901eee3e295d14846

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

MD5 447bd316ef6b85a132f57e6282ac57bc
SHA1 762a390a8805038dbd86a343abec4ad6d734cd57
SHA256 43f9c311c93f9efd80adf1a34bd3eeb2a6198c72e87ea01681e4e76ecdcd32cb
SHA512 1295e21dac06009c6c9e7f89edd1f835d16f81fce342894a25b9651be0bdf6017a13931c42aac1e2de5c2ee6d1a1552b349729445066aa095e24a05df41c4a22

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

MD5 ee06255b41dac6d9b5125399c87944be
SHA1 cafd3513ed678861d37e267193291ad923511909
SHA256 056c2b7a4fc76ca1181f7dd054d10af9f92939366f25e983a493f51ec638377c
SHA512 999c4644844af7c0411c35cd7e2adcc00904a6eff5ad8e5b61a60776480471ca238821126a71a75b0a519ac01ada40a0dd556833ae482d9c964e562294caa95d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

MD5 a1b6b7febb3000220a88376ec85e9c08
SHA1 dc05ae24c55282fc2432b3901f22a8a822e767ff
SHA256 f25878fdefeb7e12b261412172f8ca618d03e5dcc27e927799638ad744d3b969
SHA512 c58df5880d01d5ec196e8c129ff99a65185ceb789d0d60b94bfc173b6a47fffa23795e347d522b36329d9389fe156fc9581eba6c0be540bfdba929f66d40a8cd

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

MD5 16d1c5bb9ab4fb7cf38bc499c042ecf2
SHA1 64dfe770eae57621c78fb575c26c2e1611a00689
SHA256 77653b8d493c44665ae5e072b89f4a43e947feeca4dd4ae84fc6bc1d61796329
SHA512 efcbcb28cc4a20c8e6f95d4f7bcfeccda5233a8acdd240b2c7afa20e2661f67873948f52333e739e2dbf95241294df34a79de518af3568107b45b5e08fddabea

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

MD5 931c77d2516cfdf53a7e37fdbb793a64
SHA1 19a8153048ea31a0008af70e3b3725ac62388454
SHA256 72668d4f58833db8e8bb157ad4bec284ec683533e602355d0fe48ec21c64b2b4
SHA512 7fd0215dca26ebce197ffcbf5e72ec12045cb7c948cb744ae4d44e0d2ebb796cc87da8c521fb829f33c1e6664cc9b9cff7922a894f7c2e2c83da1ff2f2b24dd2

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

MD5 ac91ce12f5288ecd6a75cd4656aa6a16
SHA1 f619602f45435fefec2f6156ab08eec626d00b1f
SHA256 ea8c770163fe5d3c46c1f3506cbd73b7672348e498aefec3b3003cedf7e02d6c
SHA512 65d9b27b8a3072b7b0d93470730d9a8530a47d4f1b97f9360477988cad140b7107b6a8cf6422751cade4a0142c50506bc74c9d27616894a7cbefecf3c8d03bc1

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

MD5 3fc5101acc3a06447984a2f3b61488d7
SHA1 809286952fa1601bf0a6c38cf6f56338a27c2f08
SHA256 220b0271201af03e592e8e1da8d8f5c306950f9b6e226aaffc8e38b0346bac9f
SHA512 05c8badc64444afeaeee1c65d64de2a4ac2c8ca9f23714fd62c09381a0cc4e501f45542e5ae37e20b614fac7c96be343fce6697877df93d7668df8b1117c2eb4

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

MD5 9cd738b8113af0b6d36934c898008370
SHA1 3eb015255c18a91ffeb89b7e1266bf821deeb5c0
SHA256 23507aeb7da9b750b100e374dd58bdecaa3dcfa70c134af948aa0a51384447fe
SHA512 556c9d2d0f7b619dc9b0e5c65d6d463d9ff2b76edb1f0bfabd9e57c01ada8c408041aafa299dfeed065de4b8a1ff86b2170acf9a838095f997187fbeae46f61d

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

MD5 7f569fe54404feb3b0fd6f8de44b3c36
SHA1 45005e452a5f6e9084a67f861e7112b494c45d5d
SHA256 c6f860d8cc60acc755008f02754d886d936d37679c236597b9eccba1ea52278d
SHA512 563221c9fbfdff97ce1d0194ba632d68121ff156e1e43f730ee776091508747e21d834460bf3b23f6117214bbb2ed3b7df69dbe9c0436f34eebb160e17af04f2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 2a8a1136f2805eeeb07f32db56549c3f
SHA1 c38084000732096c36ec9d31ce59134c767707e6
SHA256 6fc01e9e0123d06ea5f8ab292a69eae02ee801da1360b91f03caef9ae50c9c62
SHA512 79da30560112f52400bdc01b4e6bc7ef4910a3ba4ff0b02ea7e3af3be8bfee9e307eb3a38dc22e95bbe7bbc72f3ceba724f449da1ed2e98feb1bcc3397eec1d9

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

MD5 bfee75fba758173403d585397e757f32
SHA1 32ddff849a7ee9cf6b7c3a181f7cc11d1e5d39da
SHA256 f4c56c44b57dd2c72ccb376819843045829fe6136086b413bfb0913fc2efd61c
SHA512 5df671184e0c7f3eafff82c0d79d5b3f5ba7fae003ae16fad776fb1181b9e3c8953c7263cae011c6a3e48622f5d1ebd341793df44bd937e7b0b4372143ff1e89

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

MD5 5cb227c433f30ecf94d78dfd39b768b0
SHA1 a63d76a99874ba9c035bad7cd3f83d2b53717f81
SHA256 8cf8281ce156cd1b5e5660d4191eb60b2791f53685dc5dc1e73171e04eeced5c
SHA512 159d80127c3d3f8830b2b4c66693447184140b953cd7cb0122c25caee91b36408a0529fda1f59f10c6760e66b3c635eb182732021378053a27b0e84e76eb04de

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

MD5 54f68411371b9c6fdd4e2bc4cb501c5f
SHA1 c6d1be23b3d2e226ba9a396f28fde868169f8438
SHA256 fcf3171a98f0f7497a075b56bb942bbed1d9dc197e6bf5c68c9854d415a116cf
SHA512 49943069dff99f5739d4dd736ec1fd3d4308120b7dd6284974096c90cbddf2d74ea4350926f843bc980981c727fa34ca1a531974e615f8b40d2765388580a451

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

MD5 f552a4a70d880e60a435a0573b5242b3
SHA1 9b4f408f92394904fdf118ef77cb2bfa9ee426fc
SHA256 1777d68681ef71d59840d5bbcf0f73b3169b27cbda7c490e30779e9d272b4c06
SHA512 c7365fa6d550792bfb9b191347b680de6b3caedcfe2e3fe02dfaac6be9a02d4019592e3fc8eb12e16a883887bad879fa1287a3c39e3522a77275275d170721f5

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

MD5 559015ad68907271c442f6acfe089b02
SHA1 5afae607cae8a34977c66caf148a98e8fedeaafb
SHA256 904a6eb229b10a65057dd7b6a2bef450bf4cb2cfafe2a3d31bf72d2bd82b2797
SHA512 8a1e0936786ede19eb1c56a8bfb9308729c8d85b7eb6709dd6b9c4624b73bcba9545a542ea5023efd7d69d9a380f7697b80d702a349aecf6d7a5b17e18623158

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

MD5 f2cfe40523be794649f818f6f619eef9
SHA1 49d2c79fca421404e70a9cd7f3a829b7f761a811
SHA256 b48e1bd8d7c0875007ff7e65342cec2e6b15bb8afc72ca3aa1cf8dddd34984ea
SHA512 0ba68c8624c4f2be15361a53bacd5b05811c8542fbe99eee575a3c783bdaf6234f294645510fd1630f9667d47ec25328fba36f61224d93a6da9f9bb3c681d373

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

MD5 38adc4ec93134ad42e17d701f0fb761f
SHA1 691138199e599daf23b9f14158ab108734c0fd27
SHA256 2d74ccb15111e141829f9d253629f17885a60529e26f03df2a8166a846743a39
SHA512 c5f35f0ae9094a03ec200157c12c04f52c8e0854fcf40602f842f8010df6eecd56b8683aa2af20d49528781e7ef30a1b65654013af13e9ba053da19031e12b82

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

MD5 a1bc555b3c675b66c20a11ea7c1f7f68
SHA1 1aae9cf06f6a7b233055af6447516618b7619b65
SHA256 d30de12bdec676a1c704260cbf9b7140756029b30e38b722eb2811bbbfa6203c
SHA512 1ed3df8d554832c8db6ca2c931e5a1582a95e9418664b55203c58aa6c00120b39b019c75868f357f2f8ca3d681b3182fe18dd9d422a01923e2b95b0bbf0f661c

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

MD5 7154558dc6c3da7e9dbb1b7f2e4a93dc
SHA1 2c39acf2c654fd5c07711702ae6560d92e0dfe13
SHA256 f0f8241e3db1003dc762e6b7917e306e5e73cf0351d9dda3421bd2e9004a4161
SHA512 420435c2769440adfd4dd31e9691074d4c3ec9fb9330dcff2d29ab6c183df529fe4c1a402122669135bdd8feab1b40ed9238121666979de85d3c08f7a7742194

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

MD5 3105c0549c16f389a36f85103939b0d4
SHA1 d66b25b1310dcbce95eb86d8bb8aa7a458d554e1
SHA256 895f63560d48d5f616b6839bc1610fd217dc12be6ce6daea4e21fd43c9b1f60d
SHA512 c95e5338bff62bbd4dc7004778a6ce35cc0f9bcf9cdbd921f725df0a39fc46deaddf736c12295903952a1710c569fd104d20ec203625394d5d069d74d039c8ca

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

MD5 f134495f8a4e756954b8299df4506a22
SHA1 b5127fb36141e92022f53354e8fa8d6c639e2b85
SHA256 0bf4a44dc738f0b38a84927c1c3b149edacd2833772038521f580fc2696a1130
SHA512 e819f506455bb54392798d5392cdac501cd7b24bf5e36d860dc4f6f6c4f2b2cf09d7f4f098582d616297539e52fc98b47f0d247778fd354da7f619889c66e930

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

MD5 36c0be131b669b796131f6e470967762
SHA1 b457bcbc063e255ab5483aa324f85d025a7e8a96
SHA256 4ab4ebe8c8070add99b4f000e4439107d4d7000358072609bd638db6f2566dc8
SHA512 23a46b2aa751959f94db2ea03d9c2411aa661fe1e1f6b50632cf5e658fcae0c8a26958ad2b3f5ec038f4fbbcb63e35e82836b0946714b2b1ac8aa94ed73244de

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

MD5 00afb35b3be75bbb161423ab1640a9d3
SHA1 3b55e563f5f6d10442c67e4ce6cfb00ddebe84ae
SHA256 5ff90b2ff0b213795690341c4eea79814f8a03dbf32853227ac9c5ed3bda99eb
SHA512 256164c911bf6140311b3b5474c3e92b51f124b9031be3f75059ca6ca974f04f90e2b9f72e0623e86e1d82442fa6d9716a191a793990ee6b2b505e7b0aed000d

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

MD5 2be1b4e10eb6cb626c9352a65e97b22c
SHA1 d86f195227998306182b19aaeebeec5cfee9337a
SHA256 be0f7c5cfa119c3e1c1197a9befc3b4bca4f4a61a37842785211782eb2bb1c48
SHA512 0b09b360e084f3f5fb0b7b5bed729c8904fdba2e650a1ce1025be9fc9a779b38822b2fef7d9a5b2925d43a86c1bd0fd3c35d381d837cd792dbef8a40e1615230

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 207c0a6bcde502a249cad609323a6e4b
SHA1 dce7a3dc190192215773bb7abb799c7a1b3526b7
SHA256 2a02dc5acccd52e0f60ea6c11d288e80b74ad1c53d6952d175c596ec7129ac4c
SHA512 4c31107be0305ef218a19e6f47aa52142399c56c37af45921d8d73c5152c58bb9ce0195bcd5da066609a1a6f7d4822bc7f486fe933c5ef88ca969d1949bf01e2

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

MD5 3a92fb2ab27e853e484137dd14bef085
SHA1 332340d88514de9551a418c61dcf9dd4279d55e7
SHA256 c1b6a921aa27fa43220056fb79c62bc428d53749cc0d00b98aa601b864b90a66
SHA512 081590050d36dbe4cf330e0a363cbddc6b072fc311153789f9bdb6b8fa77d1583a5069bbb989c17894fd804caaa4ba75528c4db21b3d1afe206189998f5933fd

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

MD5 2d84960d8cfca427ed55fba3454f530e
SHA1 231b938b34a7a392f10fd511a832ee5c5f56ebaa
SHA256 628e97a7681dc8aa9e59d5d82801b3f3125b583c2d373966a33aba1af1d1fc7e
SHA512 9edc094743915ae251820134d2e07137e6d3ee836388116126060db051297474094a325d117ee1c8c5ad9f98e6ede3c3f4c8a7e96ffe44fc953ace9e6384b2e3

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

MD5 d92587e3d13a7531c63edc1b098f5605
SHA1 9013c8f4a9f042a9c21d3a44e04328bc29e8920a
SHA256 d9bcf2f15f88c1dbb862ca5f6724bafa1568f46e5b9395f658b01cef3d1ddc7d
SHA512 b917098ac7cb724f9cc8b3bac6991bd1249e21e0a9c3b54b1ca4e110493ea1419a2c99b7d875fdc3dc9b74c933ab893560181e20804328d2cdc94fda7d948ff3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

MD5 6ce8f3420125995534d8b40326a94624
SHA1 317209523160b72a5fbeefec894bc7b70d515035
SHA256 ba29e35fbcfb95bde191e9b487f11bfe6e6f8e51a1e58eb092a9e0b6960492de
SHA512 a4082abc527335a7ef73666210296938b3c4a993577b380473d254fc79f14708dc887327d3b47e107d9ee4af95435b12aed352dfde04f813eabd08ca3bde6430

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

MD5 35b89225def5214aa888a1d1941c04c5
SHA1 878299effa2397b212639fd058c1c368ac35caa5
SHA256 d6499777ce1ab3d1e865d162b85d7fe19ed10c91ddb2447963fbfa4964158367
SHA512 5ba5fbd8b5f0eefb295368e697ef47c42ceba77e704194c6187a3c27dd6f50d4c80927a8300284c38fca74238cad0a84fa458e56a91efda4ef73232561cf97d2

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

MD5 1e05657dbd1d7364b2d73733d347835d
SHA1 d0bd64822a4f3d868608020022534a1405cfdac8
SHA256 377cc11675a31d020a9d2860c7606e110adc6197210904f82d108ab4931c25a4
SHA512 51af562c3cbd20afc9844c196604f2e134967da3a2af72a24f92da35df3181e49624a4319b4bf8eb6fdde10e207b2edb4a8e9afa822d1d8233880d2c2d53b3df

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

MD5 6aa94b09afd0963b6b61f68f85e5bf72
SHA1 c37f7e976526b8c2932540bafc80a23b1b0672fb
SHA256 aec939a318e47ca3bd80534781d225660701b7893b6d7d05e81ab098c46c0158
SHA512 4142375b7759030940991ea06590451c0b34b07c5ccabf54414de17b73efd80f28de9866c92cb81ece460d617533249a80a002a695717f5cdeef667be13ef5d7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 89b9e1196544805c00554d582cfe0cdd
SHA1 ae0dfdfeb4c6d66c9f21d860ed979b7b7f8e6a9f
SHA256 464ec33c23625499a5a45b3f90b9d34b73bcc933cdee6f7798ff1b62c4b9cf5a
SHA512 0eead5505c3180dd97f846e462741048841d3425200354e19add101b4d4555e42d06879481695f301fd787a456bb125d005f4038aa35e7edb61e50f69f6e3988

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

MD5 644be439ac610a03a6b0e0bf6c0e4622
SHA1 daf8db9b1fe18af20645627914c72e47b7c26736
SHA256 a4f9e591b523d8395500b66ed0bce6f3ced6561de623feb5cf3979bbb10d3da6
SHA512 eaca212e888afefd087f9e5f3c1080876d4f43e1d3de9a89ad898cf30d0d63e2da05408d138817f3eb31f5999fe1da4c22d4c9f9ea3c270b060886897802c79a

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

MD5 ccd108ac1aa0e67742771b2bb0546116
SHA1 10f9e5f6989f2f44f0d56fc9a80b79229ba241e8
SHA256 3463c1a2bc50b08539770c95a73870690a0a736a189b34449a59f7502a15c5c8
SHA512 d8a4b0d625c39b79767fdf3c48b3a4ed687978e1055fd116f648259d1ea97ff96f9e23105eae89fabacbcd389cb8f4ff88c9af14be6fd45c2da1dcf9cde06af5

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

MD5 0fda231d7203e084c92fe5be930bb0c4
SHA1 be5b07cf62d4f563332dff992843f9c81acbae78
SHA256 7cd44fa1564cb0fef0d134e5f4f89908b460210f9e72a40de16c2e29582e55da
SHA512 a40d970a9296935e0fbe9007b7c933cd05ec94153a46eb2aeb4039763ad2c08d45c66e9b06c47fdb5ab7993ae37040464c904034705937990a9ab795b54e66a3

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

MD5 847e58d1239e5c1dc20f1be260bd69de
SHA1 7c9e094f3914f938aeffd1502f22bfa46e518e96
SHA256 f0b7c60f694fb4a2b81ebf71b4a669f747a6b487c33d069bdde8ab0149925aed
SHA512 fbb04da8c9bc026c22ac166528bc0f96a524e16edb7c44a4f525d8e722c03f2579789ba424b4412a24bac8891fa2c21b2db739409409bcac61243cdfb392cdc6

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

MD5 4b98c8176ca56288166dea88df098fee
SHA1 7ef060716b5ff274a876e1d3201554f0b93ed943
SHA256 708b3dda46c4abd51a95c46aa89a0a198167ef739300f168d44008a4244b143a
SHA512 f6b301aae7f3f49407bce5b49de3dcf698801be3746cab3b3c3e2acd0f0112e8b70f7942ee3c3af59f462a2d51e82a9618ca2f764ae337de307b3a5a2295ceb1

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

MD5 6ce3ca7baae987f52bc5f1249df2a2e4
SHA1 9764aece9d9aa27e0d0e0e89906973703ce34a5f
SHA256 3521e5619678eabfe012fd164c3ef52f2c2da47936304c2bcdf63d794b4a0fe3
SHA512 0956eca19cd939cb3124a1165e89708275374eb773545f0fc83f6af72739a4ee8ecbcc7be3ed772ff1b11ce6bf050a4850adcdb5505afed65cb9e986fccfd4c7

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

MD5 59d4d08b3b7e42c24def1b8912232543
SHA1 35b61a811ce0cf4f24b44e5a75f80cb9b6f65c41
SHA256 40bd180a066f594f7dca0775224ccacd90be9c6c72e513e06bd92f36693c17d2
SHA512 feedd887fe8bdd41918a8d15a244e7c5b8941cbcc69e84ff624d9ca7bcd3788667a44a99590c91f14ce9fb703ee24c3ee6d8292c107a1300cb87f51e1844df80

memory/2216-10421-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2216-10859-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 0b58e1b06b8491d86e366cb0c00e9394
SHA1 4d648dc1805ede0328be8e7f8c12f891f8f37550
SHA256 e0e26b263f36cf6ba0dcaef7318d42254b187ee61354efc2f038cda58d06cdd8
SHA512 8f9f680dfd296362e7eaf5a85f814580982ef02ce3f3f78d821e2a4ea74a31734462172b8e9abe21c401f8481c881bf5bfc3578d8fd8567c94466946db16db8b

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

MD5 643f223b58ec9fed72c9dcf00876b298
SHA1 f4ab11361de44bc1b4cba25bf751f172852442a1
SHA256 d8ec3dd46440440ccf7b412d257adcf7b35adb736cdfa018b82697e3b306065e
SHA512 2020e1f0b7f6570ac03d61921e45ee34645b27a2af481ca60053b5fa26675c88ae5946b7c99e03a4cbcae3228688df4c7f866b0ccf166a682fc11aa411f51761

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

MD5 249b7036ea00bcc937457a8c60320314
SHA1 4fcc82b5f8ba39df892ab9805609a785f6119752
SHA256 4c8cf96f91b14aebb7ea2f2dfbafd12871b9bdc282547d3b0cdae5f24d502c89
SHA512 d82ad0c2585082e25a44206d3525baa7cf44c5f74ad03607e95794ff9f1e5863a0d788aea6bc773f9bfeab50ad3e0a1f2288c1ecdd1b6559a3496414213415ba

C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

MD5 9dc4ce09995f0979e9608c6341ce1e84
SHA1 39dcc292f4cf5b066b1602fb6dbf422e62d28fa4
SHA256 acfee069a472ebf34b99929549d2cd7d3fa69b6a4af90b5f25b559b7ab2301c4
SHA512 8a1e47af538ad0f809cce756437073ab8a6bce87c7cfeaca07b5fbf0a48fe6eb5498087693aabe6e500e449d9f03b4dc74a7298ba4d02a208508fc390eea5e25

memory/2216-11192-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2216-11193-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

MD5 a1ad17b71f90a72999f24b6214beb89a
SHA1 a59eb04ca93ceced5cafaffa31ba250600418fa2
SHA256 7c63678ae1e41c73969057a6191613edb7aaf40bdca7f05862f96abf8e9cad4d
SHA512 5631cbf5274d14d96fc0c69e02db7e2128f90af9ba5407b0804323faec41db8b2b2f6f2893e4ba559dea3deaf6489cbc740f63ccc78018af9c4bdbf60635bfd9

memory/2216-11198-0x0000000000400000-0x000000000040E000-memory.dmp